Data transferred by XDCR is sent unencrypted, and when replicating between Amazon regions this means it is transiting the public internet.

You can use XDCR to connect clusters in different availability zones without transiting the public internet. This doesn't provide as much reliability, but it avoids the potential security issue.

You can use a third-party VPN service to tunnel data between your Amazon regions. AWS has pointed to these vendors:
* https://aws.amazon.com/solution-providers/isv/vcider
* http://aws.amazon.com/customerapps/Python/1913
* https://aws.amazon.com/solution-providers/isv/cloudswitch
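
To check which XDCR links are exposed in the way described above, the following added example (not part of the original page or of Couchbase's own tooling) classifies each remote cluster reference by whether its address is private (inside a VPC or VPN tunnel) or public. It assumes the `name`, `hostname` and `deleted` fields of the list returned by `GET /pools/default/remoteClusters`; the sample data and names are constructed.

```python
import ipaddress
import json

# RFC 1918 ranges: addresses that stay inside a VPC or a VPN tunnel.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, shaped like the list returned by
# GET /pools/default/remoteClusters (field names are an assumption).
SAMPLE = json.loads("""[
  {"name": "same-region-az-b", "hostname": "10.0.12.7:8091", "deleted": false},
  {"name": "eu-replica", "hostname": "203.0.113.10:8091", "deleted": false},
  {"name": "via-vpn", "hostname": "cb.vpn.example.internal:8091", "deleted": false},
  {"name": "old-link", "hostname": "198.51.100.4:8091", "deleted": true}
]""")


def classify(hostname):
    """Return 'private', 'public' or 'unresolved' for a host[:port] string."""
    # Strip a trailing :port from IPv4 literals and DNS names.
    host = hostname.rsplit(":", 1)[0] if hostname.count(":") == 1 else hostname
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: resolve it from a cluster node and re-check.
        return "unresolved"
    return "private" if any(addr in net for net in RFC1918) else "public"


def audit(remote_clusters):
    """Map each active XDCR remote cluster name to its classification."""
    return {rc["name"]: classify(rc["hostname"])
            for rc in remote_clusters if not rc.get("deleted")}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        note = ""
        if verdict == "public":
            note = "  <-- unencrypted XDCR traffic would cross the public internet"
        print(f"{name:20} {verdict}{note}")
```

A `public` result means that link needs a VPN tunnel or a same-region target; an `unresolved` result is a DNS name that has to be resolved from a cluster node before it can be judged.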